Remove "metamta.insecure-auth-with-reply-to" Config option

Summary: Ref T7477. This option was added in D842 in 2011, to support a specific narrow use case at Quora with community moderators using some kind of weird Gmail config. I don't recall it ever coming up since then, and a survey of a subset of hosted instances (see T11760) reveals that no instances are using this option today. Presumably, even Quora has completed the onboarding discussed in D842, if they still use Phabricator. This option generally does not seem very useful outside of very unusual/narrow cases like the one Quora had. This would be relatively easy to restore as a local patch if installs //do// need it, but I suspect this has no use cases anywhere. Test Plan: Grepped for option, blame-delved to figure out why we added it in the first place, surveyed instances for usage. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T7477 Differential Revision: https://secure.phabricator.com/D19949
2024-09-20 01:08:50 +02:00 · 2019-01-03 08:15:17 -08:00 · 2019-01-03 08:15:17 -08:00 · 84f94994ad
commit 84f94994ad
parent 57b3619181
3 changed files with 3 additions and 33 deletions
--- a/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
+++ b/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
@ -391,6 +391,9 @@ final class PhabricatorExtraConfigSetupCheck extends PhabricatorSetupCheck {

      'phabricator.csrf-key' => pht(
        'CSRF HMAC keys are now managed automatically.'),
+
+      'metamta.insecure-auth-with-reply-to' => pht(
+        'Authenticating users based on "Reply-To" is no longer supported.'),
    );

    return $ancient_config;
--- a/src/applications/config/option/PhabricatorMetaMTAConfigOptions.php
+++ b/src/applications/config/option/PhabricatorMetaMTAConfigOptions.php
@ -245,14 +245,6 @@ EODOC
          ))
        ->setSummary(pht('Show email preferences link in email.'))
        ->setDescription($email_preferences_description),
-      $this->newOption('metamta.insecure-auth-with-reply-to', 'bool', false)
-        ->setBoolOptions(
-          array(
-            pht('Allow Insecure Reply-To Auth'),
-            pht('Disallow Reply-To Auth'),
-          ))
-        ->setSummary(pht('Trust "Reply-To" headers for authentication.'))
-        ->setDescription($reply_to_description),
      $this->newOption('metamta.public-replies', 'bool', false)
        ->setBoolOptions(
          array(
--- a/src/applications/metamta/receiver/PhabricatorMailReceiver.php
+++ b/src/applications/metamta/receiver/PhabricatorMailReceiver.php
@ -109,31 +109,6 @@ abstract class PhabricatorMailReceiver extends Phobject {
        $raw_from);
    }

-    // If we missed on "From", try "Reply-To" if we're configured for it.
-    $raw_reply_to = $mail->getHeader('Reply-To');
-    if (strlen($raw_reply_to)) {
-      $reply_to_key = 'metamta.insecure-auth-with-reply-to';
-      $allow_reply_to = PhabricatorEnv::getEnvConfig($reply_to_key);
-      if ($allow_reply_to) {
-        $reply_to = self::getRawAddress($raw_reply_to);
-
-        $user = PhabricatorUser::loadOneWithEmailAddress($reply_to);
-        if ($user) {
-          return $user;
-        } else {
-          $reasons[] = pht(
-            'Phabricator is configured to authenticate users using the '.
-            '"Reply-To" header, but the reply address ("%s") on this '.
-            'message does not correspond to any known user account.',
-            $raw_reply_to);
-        }
-      } else {
-        $reasons[] = pht(
-          '(Phabricator is not configured to authenticate users using the '.
-          '"Reply-To" header, so it was ignored.)');
-      }
-    }
-
    // If we don't know who this user is, load or create an external user
    // account for them if we're configured for it.
    $email_key = 'phabricator.allow-email-users';